Hi all,
We are changing our ISP, and so far we've had a static route set on the ISP router which routes all traffic for our subnet through our firewall WAN IP. We have a few servers in our DMZ, and the route ensured that the traffic directed at a server in the DMZ is going through our firewall.
Now, we have received the new router from the new ISP and I asked them to also implement the same static route. They've told me that this would not change anything, and that the router is in anycast mode and therefore there is no need for a static route.
Before we schedule the change to take place, I wanted to check whether it really works routing-wise (I don't want to inform all the users and show up during the evening just to realize halfway through that it doesn't work). This would involve changing some cabling, adapting firewall rules and objects, etc., therefore I thought maybe the following idea would work to check the inbound routing:
I tried to see something with Wireshark and what I did was the following: I plugged my laptop into the router and assigned it one of the new public IPs (let's say ending in .98, the same IP our WAN interface would be assigned), then I sent an ICMP request from my phone to one of the public IPs in our range (let's say ending in .106; of course there is nothing in the network with this IP assigned, so there was no answer to the ping). I thought maybe I could see any ICMP traffic directed towards .106 on my laptop with .98, since with the firewall in between it would be a similar setup. But I did not see any traffic at all.
I am not a network pro and therefore I wanted to ask if my above idea could work or if something with the routing could not be right. The communication with the new ISP is a bit difficult and I don't have experience with anycast yet.
Thanks for your inputs!